4

There was an interesting paper in 2013 from the University of Pennsylvania called Familiarity Breeds Contempt: The Honeymoon Effect and the Role of Legacy Code in Zero-Day Vulnerabilities. One compelling example the authors discuss is the lack of known security breaches in voting machines, contrasted with the high number of blatant vulnerabilities researchers find on these machines. The authors argue that it may be a "honeymoon effect" that prevents hackers from exploiting these vulnerabilities, since these machines are only in use for one to two days after their release. Without providing the proper amount of time to find and exploit vulnerabilities, these machines are for the most part used for their original intention.[1][2]

My question is simple: is this an example of "security through obscurity"? Could one say that the voting machines' internals are obscured from hackers by the shortness of the time span that they are exposed to the world, and by the fact that they are all closed source, proprietary systems?

If this scenario is not security through obscurity, is there a term that describes this type of "security"?

[1] http://www.acsac.org/2010/openconf/modules/request.php?module=oc_program&action=view.php&a=&id=69&type=2 (PDF)

[2] https://www.youtube.com/watch?v=rhcpCdRvNOg (DEF CON 19)

olliezhu
  • 241
  • 1
  • 6

1 Answers1

2

For the industry in general, particularly in the US, the security of voting machines is not unlike the security of TSA checks. Which is to say, it might work sometimes, but more than anything it's there to make you feel better about the process. Blatant violations of the security structure appear to be rare, but not because of the quality of the security.

While it's nice to feel like voting fraud doesn't happen, it's unlikely that any election of any magnitude anywhere has been perfectly clean. But presumably the fraud in both directions more-or-less averages out over time. Hopefully.

Specifically, beyond the security of the devices themselves, it's also the process put in place around them that contributes to the insecurity of the system. The "sleepover" practice made famous in the 2004 and 2006 US elections continues today in many areas. And when a voting machine shows signs of tampering (as often is the case), it does not necessarily invalidate the count.

But these are always local incidents, each closely associated with a given voting precinct, a given set of election officials, and a given set of local influences. It's the type of incident that requires no technology or vulnerability or security angle. An attack directed at a given voting machine (irrespective of the local officials) would be widespread, diffuse, covert, and systematic.

Part of what protects us here is the complete lack of any sort of coordination. There's no standardization of voting procedures or voting machines. There's no single target, which dramatically complicates the process.

Yes, there's some amount of security through obscurity, but more than anything it's security through confusion. Targetting would likely have to be opportunistic. And typically this is an attack that would be extremely difficult to pull off without physical access. Compound that with the fact that physical access makes fraud easy without any software vulnerability, and it starts to sound like we've been going about this all wrong from the beginning.

tylerl
  • 83,435
  • 26
  • 152
  • 232